CVE-2024-21733
published 2024-01-19CVE-2024-21733: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.
Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | >= 8.5.7 < 8.5.64 | 8.5.64 |
| apache | tomcat | >= 9.0.1 < 9.0.44 | 9.0.44 |
| apache_software_foundation | apache_tomcat | 8.5.7 – 8.5.63 | — |
| apache_software_foundation | apache_tomcat | 9.0.0-M11 – 9.0.43 | — |
| debian | tomcat9 | < tomcat9 9.0.53-1 (bookworm) | tomcat9 9.0.53-1 (bookworm) |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM